The Cybersecurity Analyst – Risk Management is a mid-career individual contributor supporting Rivian’s cybersecurity risk management practice. This role involves day-to-day management of cybersecurity risks, monitoring key risk indicators (KRIs), and facilitating risk discussions with technology and business stakeholders.
The analyst will leverage Rivian’s risk platforms and AI-enabled tooling to improve efficiency, transparency, and defensibility of risk decisions. This role sits within Enterprise Cybersecurity on the Cybersecurity Risk Management team and partners closely with the Cyber Third-Party Risk Management (TPRM) lead, security engineering teams, and other functions.
- Risk Register Ownership: Maintain and continuously improve the cybersecurity and crown-jewel risk registers, ensuring risks are clearly defined, scored, prioritized, and kept current.
- Track risk status from identification through treatment and closure, including documenting decisions, owners, due dates, dependencies, and evidence.
- Design, implement, and monitor KRIs and related metrics, such as control health, incident trends, and assessment throughput, to provide an objective view of risk posture.
- Meet regularly with risk owners and functional leaders to gather updates, validate assumptions, and align on risk treatment plans and progress.
- Evaluate how risks propagate across systems, suppliers, processes, and programs; surface second-order and cascading impacts in risk narratives and dashboards.
- Collaborate with the Cyber TPRM lead where responsibilities intersect, including supplier-driven risks, concentration risk, and systemic control gaps, to ensure consistent risk assessment and treatment.
- Help facilitate workshops and review sessions with business and technology leaders to clarify risk scenarios, tradeoffs, and treatment options.
- Use Rivian’s risk platform and AI-enabled tools to improve efficiency, effectiveness, and expediency in risk logging, analysis, reporting, and communication.
- Maintain and evolve a Cybersecurity Risk Dashboard that provides an accurate, near real-time view of key risks, KRIs, and trends for leadership and governance forums.
- Apply NIST CSF and ISO 27001 concepts when assessing controls, documenting risks, and proposing treatments, helping ensure consistency with the ISMS and enterprise risk practices.
- Identify gaps and friction in current risk processes and propose practical improvements to increase clarity, adoption, and impact.
Minimum Qualifications
- 5+ years of combined experience in cybersecurity, technology risk, enterprise risk management, or related fields.
- At least 3 years with primary responsibility for leading or owning a risk management function, program, or risk domain within an organization.
- Hands-on experience maintaining and operating risk registers and risk management tooling, including GRC, IRM, or dedicated risk platforms.
- Working knowledge of the NIST Cybersecurity Framework (CSF) and exposure to frameworks such as ISO/IEC 27001, including risk assessment/treatment concepts and control alignment.
- Demonstrated ability to influence risk treatment decisions, not just document them, by framing options, tradeoffs, and business impact for stakeholders.
- Strong analytical and quantitative risk skills, including building KRIs, basic risk modeling, scenario comparison, and trend analysis.
- High comfort working with AI tools for analysis, synthesis, workflow automation, and responsible experimentation to improve risk processes.
- Excellent written and verbal communication skills with the ability to translate complex technical risks into concise, business-relevant narratives.
- Proven ability to work cross-functionally, build trust with stakeholders, and facilitate productive discussions in ambiguous situations.
Preferred Qualifications
- Experience with modern GRC/IRM or dedicated risk platforms and building risk dashboards for security leadership.
- Professional certifications such as CRISC, PMI-RMP, CISM, or similar.
- Experience in fast-paced, high-growth environments such as technology, automotive, or manufacturing, where speed, agility, and rigor are required.